cleantalk
Vulnerabilities and Security Researches

Directory Listings WordPress plugin – uListing, CVE-2026-28078

CVE, Research URL

CVE-2026-28078

Home page URL

Security reports for Directory Listings WordPress plugin – uListing

Application

Directory Listings WordPress plugin – uListing

Published on
Mar 05, 2026
Research Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Stylemix uListing ulisting allows Path Traversal.This issue affects uListing: from n/a through <= 2.2.0.
Affected versions
max 2.2.0.
Status
vulnerable
Previous vulnerability researches
YayMail &#8211; WooCommerce Email Customizer (CVE-2026-27327) , Mar 29, 2026
New vulnerability
Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration &#8211; WpRently | WordPress plugin (CVE-2026-23972) , Mar 30, 2026
ElementInvader Addons for Elementor (CVE-2026-25007) , Mar 30, 2026
Featured Image from Content (CVE-2026-27759) , Mar 30, 2026
Mollie Payments for WooCommerce (CVE-2025-68501) , Mar 30, 2026
SMTP &#8211; 100% Free &amp; Open Source SMTP plugin for WordPress &#8211; Bit SMTP (CVE-2026-32519) , Mar 30, 2026